...

security:securityType is the global type that defines the security requirements of an application with respect to the mapping of J2EE roles to Principals.

<xsd:complexType name="securityType">
  <!-- Root of the security section: zero or more descriptions, exactly one
       default-principal, then an optional role-mappings block. Child order is
       fixed by xsd:sequence. role-mappingsType is defined elsewhere (not shown
       on this page). -->
  <xsd:sequence>
    <xsd:element name="description"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:descriptionType"/>
    <xsd:element name="default-principal"
                 type="security:default-principalType"/>
    <xsd:element name="role-mappings"
                 minOccurs="0"
                 type="security:role-mappingsType"/>
  </xsd:sequence>
  <!-- Both boolean switches are off unless set explicitly; default-role has no
       default. NOTE(review): the meaning of these three attributes is not
       described on this page; confirm against the container documentation
       before relying on the defaults. -->
  <xsd:attribute name="doas-current-caller" default="false" type="xsd:boolean"/>
  <xsd:attribute name="use-context-handler" default="false" type="xsd:boolean"/>
  <xsd:attribute name="default-role" type="xsd:string"/>
</xsd:complexType>

...

security:default-principalType is a sequence of optional description elements, a choice of exactly one of principal, login-domain-principal or realm-principal, followed by a sequence of
named-username-password-credential elements.

<xsd:complexType name="default-principalType">
  <!-- The application's default principal: optional descriptions, then exactly
       one principal element picked from three forms (xsd:choice), then zero or
       more named username/password credentials. -->
  <xsd:sequence>
    <xsd:element name="description"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:descriptionType"/>
    <!-- Exactly one of the three principal forms must be present. -->
    <xsd:choice>
      <xsd:element name="principal"
                   type="security:principalType"/>
      <xsd:element name="login-domain-principal"
                   type="security:loginDomainPrincipalType"/>
      <xsd:element name="realm-principal"
                   type="security:realmPrincipalType"/>
    </xsd:choice>
    <xsd:element name="named-username-password-credential"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:named-username-password-credentialType"/>
  </xsd:sequence>
</xsd:complexType>

...

security:principalType defines an authenticated principal.

<xsd:complexType name="principalType">
  <!-- An authenticated principal identified by a class and a name.
       NOTE(review): the description element here references
       geronimo:descriptionType, whereas every other type on this page uses
       security:descriptionType; confirm that the geronimo prefix is declared in
       this schema, as this may otherwise be a slip. -->
  <xsd:sequence>
    <xsd:element name="description"
                 minOccurs="0" maxOccurs="unbounded"
                 type="geronimo:descriptionType"/>
  </xsd:sequence>
  <!-- Both identifiers are plain xsd:string: the schema places no constraint
       on the class value, so any checking of it has to happen in the deployer. -->
  <xsd:attribute name="class" use="required" type="xsd:string"/>
  <xsd:attribute name="name" use="required" type="xsd:string"/>
  <!-- designated-run-as is off unless explicitly set. -->
  <xsd:attribute name="designated-run-as" default="false" type="xsd:boolean"/>
</xsd:complexType>

...

security:loginDomainPrincipalType extends security:principalType.

<xsd:complexType name="loginDomainPrincipalType">
  <!-- principalType plus a mandatory domain-name attribute; everything else
       (description, class, name, designated-run-as) is inherited. -->
  <xsd:complexContent>
    <xsd:extension base="security:principalType">
      <xsd:attribute name="domain-name" use="required" type="xsd:string"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

...

realmPrincipalType extends security:loginDomainPrincipalType.

<xsd:complexType name="realmPrincipalType">
  <!-- loginDomainPrincipalType (and so principalType) plus a mandatory
       realm-name attribute; a realm principal therefore carries class, name,
       domain-name and realm-name. -->
  <xsd:complexContent>
    <xsd:extension base="security:loginDomainPrincipalType">
      <xsd:attribute name="realm-name" use="required" type="xsd:string"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

...

This type defines a username/password credential.

<xsd:complexType name="named-username-password-credentialType">
  <!-- A named username/password pair. All three children are mandatory (no
       minOccurs) and must appear in this order. The password is a plain
       xsd:string: the schema offers it no protection, so a deployment plan
       containing this element holds a cleartext secret and has to be
       access-controlled and kept out of version control like any other
       credential file. -->
  <xsd:sequence>
    <xsd:element name="name" type="xsd:string"/>
    <xsd:element name="username" type="xsd:string"/>
    <xsd:element name="password" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

...

Note that ideally we want to map to DomainPrincipals or RealmPrincipals. This type of mapping is not supported in Geronimo M5 or earlier milestones; the only types of mapping available in M5 and earlier are principalType mapping and DN mapping.

<xsd:complexType name="roleType">
  <!-- One J2EE role and the principals mapped onto it. Every principal kind is
       optional and repeatable, but because the container is an xsd:sequence
       the kinds must appear in the order realm-principal,
       login-domain-principal, principal, distinguished-name. A role with no
       principal at all validates against this type; whether the deployer
       accepts that is not shown here. -->
  <xsd:sequence>
    <xsd:element name="description"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:descriptionType"/>
    <xsd:element name="realm-principal"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:realmPrincipalType"/>
    <xsd:element name="login-domain-principal"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:loginDomainPrincipalType"/>
    <xsd:element name="principal"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:principalType"/>
    <xsd:element name="distinguished-name"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:distinguishedNameType"/>
  </xsd:sequence>
  <!-- The role being mapped; required. -->
  <xsd:attribute name="role-name" use="required" type="xsd:string"/>
</xsd:complexType>

...

Type distinguishedNameType

<xsd:complexType name="distinguishedNameType">
  <!-- Role mapping by distinguished name. The name is a free-form xsd:string;
       the schema does not check DN syntax, so malformed names are only caught
       by whatever consumes the plan. -->
  <xsd:sequence>
    <xsd:element name="description"
                 minOccurs="0" maxOccurs="unbounded"
                 type="security:descriptionType"/>
  </xsd:sequence>
  <xsd:attribute name="name" use="required" type="xsd:string"/>
  <!-- designated-run-as is off unless explicitly set. -->
  <xsd:attribute name="designated-run-as" default="false" type="xsd:boolean"/>
</xsd:complexType>

...

The security:descriptionType type allows a description to be inserted into any other element. It extends the schema string type with a reference to the global xml:lang attribute.

<xsd:complexType name="descriptionType">
  <!-- Free-text description: a string with an optional xml:lang attribute.
       xml:lang is referenced (ref=) rather than declared, since it is the
       global attribute from the XML namespace. -->
  <xsd:simpleContent>
    <xsd:extension base="xsd:string">
      <xsd:attribute ref="xml:lang"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

...